CI: add frontend typecheck, tighten permissions, and publish artifact download links in PR comments

[hoangsvit]

Motivation

• Ensure frontend types are checked in CI by running a dedicated typecheck step to catch issues early.
• Provide clearer download links for desktop build artifacts in PR comments by including per-artifact URLs and the workflow run URL.
• Restrict the workflow token permissions by adding actions: read to follow least-privilege principles.

Description

• Added a Typecheck frontend step that runs npm run typecheck before building the frontend.
• Enhanced the PR comment step to list artifacts dynamically using github.rest.actions.listWorkflowRunArtifacts, construct direct artifact URLs, and include the workflow run URL in the message.
• Added actions: read under permissions and improved the workflow run summary to print the run URL and clearer artifact download instructions.

Testing

• Executed the updated GitHub Actions CI workflow (matrix build) which ran npm ci, npm run typecheck, npm run build, npm run tauri:check, and npm run tauri -- build, and the run completed successfully.
• The artifact upload step (actions/upload-artifact@v4) executed and artifacts were listed by the workflow comment step without errors.
• No new unit tests were added or modified as part of this change.

---

Codex Task

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[github-actions]

GitPilot build artifacts are ready

One CI workflow run built all 3 desktop apps: open workflow run.

Download links:

• windows: gitpilot-windows
• macos: gitpilot-macos
• linux: gitpilot-linux